uninstall.exe

Setup Factory Runtime

Stardock Corporation

The program is a setup application that uses the Setup Factory installer. This file is installed with multiple programs including WindowBlinds and Stardock WindowBlinds.
Publisher:
Indigo Rose Corporation  (signed by Stardock Corporation)

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.2.0.0

MD5:
caabb3050bf1da18407c81ba30821c1c

SHA-1:
ff213d8681a8be1086997676274eeda3416a524e

SHA-256:
3d5196d503892353ce196c111d7a35076f95ffda1a10d21ac47df38fb3cf0a28

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/16/2024 5:20:30 AM UTC

Scan engine
Detection
Engine version

avast!
Win32:Mindspark-A [PUP]
2014.9-140227

AVG
Zango
2015.0.3551

herdProtect (fuzzy)
2014.2.27.3

Trend Micro House Call
TROJ_GEN.F47V1001
7.2.58

VIPRE Antivirus
24656

File size:
1.3 MB (1,352,808 bytes)

Product version:
9.2.0.0

Copyright:
Runtime Engine Copyright © 2013 Indigo Rose Corporation (www.indigorose.com)

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation

Original file name:
suf_rt.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\Program Files\stardock\windowblinds\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/4/2011 2:00:00 AM

Valid to:
10/4/2014 1:59:59 AM

Subject:
CN=Stardock Corporation, O=Stardock Corporation, STREET=15090 N Beck Rd, L=Plymouth, S=MI, PostalCode=48170, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4C2DA30D1E210459D4C5F57BBB91964E

File PE Metadata
Compilation timestamp:
8/27/2013 8:43:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:P3BrELwtW5a1bTFQE+m/OHe72CmAD/XWsQRs9fTSO7OwHmPWce6Nsn:vR2X6pymME2HAD/W5Rsleo+PWceaA

Entry address:
0x3C40A0

Entry point:
60, BE, 00, 40, 68, 00, 8D, BE, 00, D0, D7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.9209

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
1.3 MB (1,314,816 bytes)

The file uninstall.exe has been discovered within the following programs.

Stardock WindowBlinds  by Stardock Corporation
Publisher's description - “WindowBlinds is the world's most popular desktop enhancement utility. With a user base estimated at around 10 million, WindowBlinds is used by both consumers and corporations who want to change the way the Windows user interface looks and feels.”
www.windowblinds.net
25% remove it
WindowBlinds  by Stardock Corporation
Publisher's description - “You’re a unique individual with your own personal style - so why does your desktop look the same as everyone else’s? Choose from thousands of themes, change their colors, add textures, wallpapers, even start from the default Windows Aero theme if you wish.”
www.stardock.com
25% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vip1.g5.cachefly.net  (205.234.175.175:80)

TCP (HTTP):
Connects to host-74-204-71-147.host.ussignalcom.net  (74.204.71.147:80)

TCP (HTTP):
Connects to host-74-204-71-137.host.ussignalcom.net  (74.204.71.137:80)
